dovecot/rootfs/etc/confd/templates/app-passwords-lookup.lua.tmpl

require "lualdap"

function auth_passdb_lookup(req)
    local ldap_host = "{{ getenv "LDAP_HOST" }}"
    local ldap_bin_dn = "{{ getenv "LDAP_BIND_DN" }}"
    local ldap_bind_password = "{{ getenv "LDAP_BIND_PASSWORD" }}"
    local ldap_use_tls = {{ if eq (getenv "LDAP_USE_TLS") "yes" }}true{{ else }}false{{ end }}

    ld = assert (lualdap.open_simple(
        ldap_host,
        ldap_bin_dn,
        ldap_bind_password,
        ldap_use_tls))

    local username = req.user
    local ldap_pass_filter = "{{ getenv "LDAP_PASS_FILTER" }}"
    local ldap_pass_filter_formatted = ldap_pass_filter:gsub("%%u", username)
    local ldap_base_dn = "{{ getenv "LDAP_BASE_DN" }}"

    local user_count = 0
    for dn, attribs in ld:search { base = ldap_base_dn, scope = "subtree", filter = ldap_pass_filter_formatted } do
        user_count = user_count + 1
    end

    local return_code = dovecot.auth.PASSDB_RESULT_NEXT
    local return_text = ""

    local user_exists = user_count == 1
    if user_exists then
        local app_base_dn = "{{ getenv "LDAP_APP_PASSWORDS_BASE_DN" }}"
        local app_base_dn_formatted = app_base_dn:gsub("%%u", username)
        local app_pass_filter = "{{ getenv "LDAP_APP_PASSWORDS_FILTER" }}"
        local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" "cn" }}"

        local user_password = req.password

        for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do
            req:log_info(string.format("trying %s...", dn))

            local test_conn = lualdap.open_simple(
                ldap_host,
                dn,
                user_password,
                ldap_use_tls)
            if test_conn ~= nil then
                req:log_info(string.format("%s suceeded!", dn))
                return dovecot.auth.PASSDB_RESULT_OK, string.format("password=%s user=%s", user_password, username)
            end
        end
    else
        return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user"
    end

    return return_code, return_text
end
app passwordss cript needs to be a template 2018-02-27 13:29:28 +00:00			`require "lualdap"`

			`function auth_passdb_lookup(req)`
			`local ldap_host = "{{ getenv "LDAP_HOST" }}"`
			`local ldap_bin_dn = "{{ getenv "LDAP_BIND_DN" }}"`
			`local ldap_bind_password = "{{ getenv "LDAP_BIND_PASSWORD" }}"`
fix lua auth script 2018-02-27 16:02:32 +00:00			`local ldap_use_tls = {{ if eq (getenv "LDAP_USE_TLS") "yes" }}true{{ else }}false{{ end }}`
app passwordss cript needs to be a template 2018-02-27 13:29:28 +00:00
			`ld = assert (lualdap.open_simple(`
			`ldap_host,`
			`ldap_bin_dn,`
			`ldap_bind_password,`
			`ldap_use_tls))`

use req.user var for username 2018-02-27 14:05:17 +00:00			`local username = req.user`
app passwordss cript needs to be a template 2018-02-27 13:29:28 +00:00			`local ldap_pass_filter = "{{ getenv "LDAP_PASS_FILTER" }}"`
			`local ldap_pass_filter_formatted = ldap_pass_filter:gsub("%%u", username)`
correct lua syntax 2018-02-27 13:52:38 +00:00			`local ldap_base_dn = "{{ getenv "LDAP_BASE_DN" }}"`
app passwordss cript needs to be a template 2018-02-27 13:29:28 +00:00
			`local user_count = 0`
			`for dn, attribs in ld:search { base = ldap_base_dn, scope = "subtree", filter = ldap_pass_filter_formatted } do`
			`user_count = user_count + 1`
			`end`

correctly use lua script in dovecot 2018-02-27 17:18:49 +00:00			`local return_code = dovecot.auth.PASSDB_RESULT_NEXT`
			`local return_text = ""`

app passwordss cript needs to be a template 2018-02-27 13:29:28 +00:00			`local user_exists = user_count == 1`
			`if user_exists then`
			`local app_base_dn = "{{ getenv "LDAP_APP_PASSWORDS_BASE_DN" }}"`
			`local app_base_dn_formatted = app_base_dn:gsub("%%u", username)`
			`local app_pass_filter = "{{ getenv "LDAP_APP_PASSWORDS_FILTER" }}"`
fix lua auth script 2018-02-27 16:02:32 +00:00			`local ldap_user_attribute = "{{ getenv "LDAP_USER_ATTRIBUTE" "cn" }}"`
app passwordss cript needs to be a template 2018-02-27 13:29:28 +00:00
it is req not reg 2018-02-27 14:15:24 +00:00			`local user_password = req.password`
app passwordss cript needs to be a template 2018-02-27 13:29:28 +00:00
			`for dn, attribs in ld:search { base = app_base_dn_formatted, scope = "subtree", filter = app_pass_filter } do`
correctly use lua script in dovecot 2018-02-27 17:18:49 +00:00			`req:log_info(string.format("trying %s...", dn))`

fix lua auth script 2018-02-27 16:02:32 +00:00			`local test_conn = lualdap.open_simple(`
app passwordss cript needs to be a template 2018-02-27 13:29:28 +00:00			`ldap_host,`
			`dn,`
			`user_password,`
			`ldap_use_tls)`
			`if test_conn ~= nil then`
log success 2018-02-27 17:19:20 +00:00			`req:log_info(string.format("%s suceeded!", dn))`
correctly use lua script in dovecot 2018-02-27 17:18:49 +00:00			`return dovecot.auth.PASSDB_RESULT_OK, string.format("password=%s user=%s", user_password, username)`
app passwordss cript needs to be a template 2018-02-27 13:29:28 +00:00			`end`
			`end`
			`else`
			`return dovecot.auth.PASSDB_RESULT_USER_UNKNOWN, "no such user"`
			`end`

correctly use lua script in dovecot 2018-02-27 17:18:49 +00:00			`return return_code, return_text`
app passwordss cript needs to be a template 2018-02-27 13:29:28 +00:00			`end`